Looking for a Firewall rule for Wrike

Hello Sophos Community.

I have had users struggle to be successful with the Wrike website and Wrike Desktop app for putting attachments into their projects for some time now. Sometimes it works, but sometimes it does not and the users submit IT support tickets.

Wrike has provided the following Wrike Whitelist. It feels that it is not polished. Just a grab from some of their SaaS service partners that they rely on or work with. I've added these into a Wrike FQDN Group for my firewall rule. I've added these FQDNs into web exceptions. I have not added the recommended AWS IP ranges per the JSON file. Most times it seems that file uploads going to AWS IP addresses that fail show in the firewall log as "could not associate packet to any connection." I have set the UDP timeout pretty high (for VoIP, Wrike and Zoom) and even set IPS/ATP to exclude scanning our Wrike firewall rule. The users still have issues.

console> show advanced-firewall

Tcp Conn. Establishment Idle Timeout : 21600
UDP Timeout : 255
UDP Timeout Stream : 300

console> show ips-settings

-------------IPS Settings-------------
ac_atp_exception_fwrules 16,17

Does anyone have a successful firewall rule and console settings for Wrike they can share?  



  • Hello,

    Thank you for reaching out to the community. You can also add the domains into the exception list:
    Exceptions: https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Web/Exceptions/index.html

    List: copy and paste under the URL pattern matches, one by one!
    ^([A-Za-z0-9.-]*\.)?www\.wrike\.com/
    ^([A-Za-z0-9.-]*\.)?app-us2\.wrike\.com/
    ^([A-Za-z0-9.-]*\.)?app-eu\.wrike\.com/
    ^([A-Za-z0-9.-]*\.)?wrike\.com/
    ^([A-Za-z0-9.-]*\.)?d3tvpxjako9ywy\.cloudfront\.net/
    ^([A-Za-z0-9.-]*\.)?d1c5qktmphn2d\.cloudfront\.net/
    ^([A-Za-z0-9.-]*\.)?dm0wghfwpe2fj\.cloudfront\.net/
    ^([A-Za-z0-9.-]*\.)?d10b6odojqpx09\.cloudfront\.net/
    ^([A-Za-z0-9.-]*\.)?st\.wrike\.com/
    ^([A-Za-z0-9.-]*\.)?sst\.wrike\.com/

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.
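A way to check which URLs the exception patterns listed above actually cover, as an added example that is not part of the original thread or any Sophos tooling. It assumes each pattern is tested against host plus path with the scheme removed; the sample URLs are constructed, and the S3-style host is a placeholder because the thread names no upload host.

```python
import re

# Patterns exactly as listed in the reply above.
PATTERNS = [
    r"^([A-Za-z0-9.-]*\.)?www\.wrike\.com/",
    r"^([A-Za-z0-9.-]*\.)?app-us2\.wrike\.com/",
    r"^([A-Za-z0-9.-]*\.)?app-eu\.wrike\.com/",
    r"^([A-Za-z0-9.-]*\.)?wrike\.com/",
    r"^([A-Za-z0-9.-]*\.)?d3tvpxjako9ywy\.cloudfront\.net/",
    r"^([A-Za-z0-9.-]*\.)?d1c5qktmphn2d\.cloudfront\.net/",
    r"^([A-Za-z0-9.-]*\.)?dm0wghfwpe2fj\.cloudfront\.net/",
    r"^([A-Za-z0-9.-]*\.)?d10b6odojqpx09\.cloudfront\.net/",
    r"^([A-Za-z0-9.-]*\.)?st\.wrike\.com/",
    r"^([A-Za-z0-9.-]*\.)?sst\.wrike\.com/",
]

def normalize(url):
    """Reduce a URL to 'host/path'. Assumption: that is the string the pattern sees."""
    rest = url.split("://", 1)[-1]
    host, _, path = rest.partition("/")
    return host.split(":")[0].lower() + "/" + path

def matching_patterns(url):
    """Return every listed pattern that matches the URL."""
    target = normalize(url)
    return [p for p in PATTERNS if re.search(p, target)]

def redundant_patterns():
    """Patterns whose own host is already matched by another pattern in the list."""
    found = []
    for p in PATTERNS:
        host = p.split(")?", 1)[1].replace("\\", "")  # e.g. "www.wrike.com/"
        if any(q != p and re.search(q, host) for q in PATTERNS):
            found.append(p)
    return found

# Constructed sample URLs (not taken from the thread or from any log).
SAMPLES = [
    "https://app-us2.wrike.com/attachments/upload",
    "https://d3tvpxjako9ywy.cloudfront.net/static/app.js",
    "https://example-bucket.s3.amazonaws.com/upload",  # placeholder S3-style host
    "https://wrike.com.lookalike.example/login",        # must not be excepted
    "https://notwrike.com/",                            # must not be excepted
]

if __name__ == "__main__":
    for url in SAMPLES:
        print("EXCEPTED" if matching_patterns(url) else "not covered", url)
    print("redundant:", len(redundant_patterns()), "of", len(PATTERNS))
```

Five of the ten entries are already covered by the wrike\.com entry, and the list has no entry that would match an AWS storage hostname.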

  • Hi Vivek,

    Thank you for the quick response.  I have these in the Web Exceptions already too.  

    The upload issue for Wrike is that they use AWS for their storage.  If you look closer in the browser code and the transactions you can see that Wrike/AWS embeds a VPN proxy for the file transfer process.  Something the Wrike whitelist does not show or suggest to allow for application bypass. I have turned off App and IPS controls on the firewall rule to be safe, but still the issue remains.

    Further thoughts?

  • Does it work fine in a plain FW rule? Please try testing with a single source client machine, and with the 'none' option selected for web, app, ips and no scanning applied, just plain LAN to WAN with one source IP and destination 'any' and service 'any'.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 



  • It does not.  I had started testing with a rule as you suggested about 4 weeks ago for 3 users.  They have been in this rule since then.  I had tested adding Allow All for App and IPS to be able to see any activity, but have changed those back to None.

    No dice

    ...



    Added pictures
    [edited by: John Skadowski1 at 1:07 PM (GMT -7) on 2 Sep 2022]